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DETAILED ACTION 

1 . Applicant's arguments filed December 26, 2006 have been fully considered but 
are not persuasive. 

2. Claims 1-18, 26-30, 32-48, 55-57, and 60-63 are pending and have been 
examined. Claims 19-25, 31, 49-54, and 58-59 have been canceled. 

Response to Amendment 

3. The objections to the specification are withdrawn. 

4. The objection to claim 48 is withdrawn. 

5. Regarding the Double Patenting rejection, the instant application's claims have 
not been patented, this is why it is a provisional obviousness-type double patenting 
rejection. The fact that the documents are received from a known source, does not 
imply in any way that the documents are trusted, and for security reasons, applying 
access policies to data received from the database as taught by Fletcher is analogous 
to applying access policies (security zones, etc) to data accessed through the web. 
Fletcher is not limiting to where the data comes from, but how the access to the data is 
controlled, Applicant's arguments are not persuasive. 

6. Examiner is not clear as to Applicant's arguments, since it appears to be a 
conflict between the arguments against the Double Patenting and the arguments 
against the 35 USC 102 rejection. The conflict is as follows, regarding the double 
patenting, Applicant states that the documents are retrieved from a known source and 
provide security based on who accesses it (page 11), while the arguments against the 
35 USC 102 rejection state that Fletcher is silent with respect to the source of the 



Application/Control Number: 10/047,302 Page 3 

Art Unit: 2136 

content. Examiner submits Fletcher teaches this feature since the markup language 
syntax is encoded in the markup language and indicates a security level of the delimited 
security-sensitive section (Fletcher, claim 1). According to this interpretation, the 
database is the source. Applicant's arguments are not persuasive. 

7. Regarding claims 26-30 and 32-48, in response to applicant's argument that the 
references fail to show certain features of applicant's invention, it is noted that the 
features upon which applicant relies (i.e., protecting a computer from malicious code) 
are not recited in the rejected claim(s). Although the claims are interpreted in light of 
the specification, limitations from the specification are not read into the claims. See In 
re Van Geuns, 988 F.2d 1181, 26 USPQ2d 1057 (Fed. Cir. 1993). 

8. Examiner would further like to point that inheritance of behavior and overwriting 
behavior that may be inherited was conventional and well known as shown by Bloch 
(US Patent 6,820,261, col. 6, lines 22-50 and claim 1) as it applies to the programming 
language Java 4 , and providing such functionality to other languages (programming or 
markup languages) would have been obvious to someone of ordinary skill in the art. 
Applicant's arguments are not persuasive. 

9. The applicant has not traversed the examiner's use of official notice with 
regards to the claimed limitations found in claims 3 and 42, these features are 
taken by the examiner to be admitted prior art since the applicant has not 
adequately challenged the examiner's use of official notice (see MPEP 2144.03(c), 
2144.04). 
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10. Examiner further submits that adding an attribute to the already defined HTML 
set of tags and attributes to fit some specific purpose would have been obvious, in other 
words extending the functionality of the language (NPL "XML and security") would have 
been analogous to adding an extra letter to the English alphabet. 
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Double Patenting 

11. Claims 1-18, 26-30, 32-48, 55-57, and 60-63 are provisionally rejected on the 
ground of nonstatutory obviousness-type double patenting as being unpatentable over 
claims 1-19 of U.S. Patent No. 6,366,912 to Wallent et al. in view of Fletcher et al. (US 
Patent 7,010,681, hereinafter Fletcher). 

12. Wallent et al. teach the use of security zones with a browser and markup 
language elements (columns 11-12, claims 1-19), Fletcher teaches using security 
attributes with markup language elements (summary, columns 3-4). Therefore, it would 
have been obvious to one having ordinary skill in the art at the time the invention was 
made to apply the teachings of Fletcher to the system of Wallent et al. One of ordinary 
skill in the art would have been motivated to do so to further protect the system of 
Wallent from downloaded content (Fletcher, columns 1-2). 

13. Although the conflicting claims are not identical, they are not patentably distinct 
from each other because the subject matter claimed in the instant application is claimed 
in the referenced patent. 

14. This is a provisional obviousness-type double patenting rejection because the 
conflicting claims have not in fact been patented. 
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Claim Rejections - 35 USC § 102 

15. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

16. Claims 1-6, 9-10, 12, 17-18, 55-56, and 60-62 are rejected under 35 
U.S.C. 102(e) as being anticipated by Fletcher. 

Regarding claim 1, Fletcher teaches in a computer system, a method 
comprising: 

receiving a page comprising content including one or more elements 
having active content; and 

controlling page output and any actions corresponding to at least part of 
the content by: 

o 1 ) interpreting at least one part of the page based on a first set of 
security settings, the first set of security settings being based on an 
identifier indicating a source from which the page is obtained (column 
5, lines 1-50); and 

o 2) interpreting at least one other part of the page based on a second 
set of security settings associated with an element of the page, the 
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second set of security settings being different from the first set (column 
6, lines 1-50, claims 1-13). 
Regarding claim 55, Fletcher teaches a markup language document, 
comprising: 

a first set of content associated with a first set of security settings, the 
first set of security settings being based on an identifier indicating a 
source on a network or a local computer from which the first set of 
content is obtained (column 5, lines 1-50); and 

a second set of content associated with a second set of security settings, 
the second set of security settings being different from the first set of 
security settings (column 6, lines 1-50, claims 1-13). 
Regarding claim 2, Fletcher teaches wherein receiving the page includes 
accessing data received from a remote source (column 6, lines 1-50, claims 1-13). 

Regarding claim 3, Fletcher teaches wherein receiving the page includes 
accessing data received from a cache (column 5, lines 1-27). Furthermore, this feature 
has been admitted per applicant to have been conventional and well known to access 
data received from a cache at the time the invention was made. 

Regarding claim 4, Fletcher teaches wherein a first action is requested in the 
content in the at least one part of the page interpreted with the first set of security 
settings, wherein a second action that is similar to the first action is requested in the 
content in the at least one other part of the page interpreted with the second set of 
security settings, and wherein controlling page output and any actions comprises, 



Application/Control Number: 10/047,302 Page 8 

Art Unit: 2136 

allowing the first action and disallowing the second action (column 6, lines 1-50, claims 
1-13). 

Regarding claim 5, Fletcher teaches wherein the first action corresponds to a 
command to run a first set of script, and wherein the second action corresponds to a 
command to run a second set of script (Summary of the invention, column 3, lines 40- 
67). 

Regarding claim 6, Fletcher teaches wherein the first action corresponds to a 
command to download a first set of data, and wherein the second action corresponds to 
a command to download a second set of data (Summary of the invention, column 4, 
lines 1-67). 

Regarding claim 9, Fletcher teaches wherein a first action is requested in the 
content in the at least one part of the page interpreted with the first set of security 
settings, wherein a second action that is similar to the first action is requested in the 
content in the at least one other part of the page interpreted with the second set of 
security settings, and wherein controlling page output and any actions comprises, 
disallowing the first action and allowing the second action (column 6, lines 1-50, claims 
1-13). 

Regarding claim 10, Fletcher teaches wherein interpreting at least one part of 
the page based on a first set of security settings comprises, retrieving the first set of 
security settings based on the identifier, and associating the first set of security settings 
with the at least one part of the page (column 5, lines 1-50). 
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Regarding claim 12, Fletcher teaches wherein the interpreting at least one other 
part of the page based on a second set of security settings comprises, recognizing 
security data associated with the element, and associating the second set of security 
settings with the at least one other part of the page based on the security data (column . 
6, lines 1-50). 

Regarding claim 17, Fletcher teaches wherein controlling page output and any 
actions further comprises, accessing privacy settings (column 4, lines 1-48). 

Regarding claim 18, Fletcher teaches a computer-readable medium having 
computer-executable-instructions for performing the method of claim 1 (abstract). 

Regarding claim 56, Fletcher teaches wherein the first set of content 
corresponds to a page, the second set of content is included in the page, and wherein 
the second set of security settings take precedence over the first set of security settings 
with respect to determining security for the second set of content (columns 5-6). 

Regarding claim 60, Fletcher teaches wherein the markup language document 
includes a reference to a file that corresponds to at least some of the second set of 
security settings (columns 5-6). 

Regarding claim 61, Fletcher teaches wherein the markup language document 
includes a reference to a source of remote data that corresponds to at least some of the 
second set of security settings (column 6, lines 1-50). 

Regarding claim 62, Fletcher teaches wherein the markup language document 
includes a string of data that corresponds to at least some of the second set of security 
settings (column 6, lines 1-50). 
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Claim Rejections - 35 USC § 103 

17. The text of those sections of Title 35, U.S. Code not included in this action can 
be found in a prior Office action. 

18. Claims 7-8, 11, 13-14, 16, and 57 are rejected under 35 U.S.C. 103(a) as 
being unpatentable over Fletcher. 

Regarding claims 7 and 8, Fletcher does not expressly disclose prompting a 
user for a response. However, Examiner takes Official Notice that prompting a user for 
a response was conventional and well known. Therefore, it would have been obvious to 
one having ordinary skill in the art at the time the invention was made to prompt a user 
for a response since Examiner takes Official Notice that it was conventional and well 
known. 

Regarding claims 11 and 13, Fletcher does not expressly disclose constructing 
a tree to represent the page. However, Fletcher teaches parsing the document and 
wherein associating the settings with the at least one part / other part of the page 
includes storing data corresponding to the security settings / second set of security 
settings at a node in the structure that corresponds to the element (tags, columns 5-6). 
Therefore, it would have been obvious to store a tree as a representation of the 
document, since a tree is just a representation used for parsing the document. 

Regarding claim 14, Fletcher teaches wherein storing data corresponding to the 
second set of security settings comprises negotiating the second set of settings (column 
5, lines 55-67, column 6, lines 1-33). 
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Regarding claim 16, Fletcher does not expressly disclose least one setting in 
the second set of security settings based on security information associated with a child 
node in the tree. However, Fletcher teaches associating settings with nodes (columns 5- 
6). 

Regarding claim 57, Fletcher does not expressly disclose a frame element. 
However, Fletcher teaches associating security settings to nodes/tags (columns 5-6). 
Therefore, it would have been obvious to one having ordinary skill in the art at the time 
the invention was made to apply the teachings-to a specific element. 
19. Claims 15 and 63 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Fletcher, and further in view of Edwards (NPL "The guide to Internet Security 
Zones"). 

Regarding claim 15, Fletcher does not expressly disclose inheritance. However, 
Edwards teaches wherein negotiating the second set of settings comprises inheriting at 
least one setting in the second set based on security information associated with a 
parent node in the tree (pages 1-3). Therefore, it would have been obvious to one 
having ordinary skill in the art at the time the invention was made to apply the teachings 
of Edwards to the system of Fletcher. One of ordinary skill in the art would have been 
motivated to do so to further protect the system of Fletcher. 

. Regarding claim 63, Fletcher does not expressly disclose inheritance. However, 
Edwards teaches wherein the markup language document includes information 
indicating that at least some of the second set of security settings should be determined 
relative to other security settings (pages 1-3). Therefore, it would have been obvious to 
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one having ordinary skill in the art at the time the invention was made to apply the 
teachings of Edwards to the system of Fletcher. One of ordinary skill in the art would 
have been motivated to do so to further protect the system of Fletcher. 
20. Claims 26-30 and 32-48 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Fletcher, and further in view of Snell (NPL "SAMS teach 
yourself the internet in 24 hrs"). 

Regarding claim 26, Fletcher teaches 

in a computer connected to a network, a system comprising: 
browser software that interprets content received from the network 
(column 6, lines 1-50, claims 1-13), and 

a security mechanism that associates a first security level with a first part 
of the content and associates a second security level with a second part 
of the content, the security mechanism being further operable to 
associate a first set of security settings with the first part of the content 
based on the first security level, and associate a second set of security 
settings with the second part of the content based on the second security 
level, the second set of security settings being different from the first 
(column 6, lines 1-50, claims 1-13), wherein 

the security mechanism associates at least one of the first security level 
with the first part of the content or the second security level with the 
second part of the content based on an identifier indicating a source on 
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the network or the computer from which the first part of the content or the 
second part of the content is obtained (column 5, lines 1-50). 

Fletcher does not expressly disclose using security zones. However, Snell 
teaches using security zones (pages 1-8). Therefore, it would have been obvious to one 
having ordinary skill in the art at the time the invention was made to apply the teachings 
of Snell to the system of Fletcher. One of ordinary skill in the art would have been 
motivated to do so to further protect the system of Fletcher. 

Regarding claim 27, the combination of Fletcher and Snell teaches a negotiator 
that controls the second set of security settings (Fletcher, fig 3, and discussion). 

Regarding claim 28, the combination of Fletcher and Snell teaches wherein the 
negotiator controls the second set of security settings relative to the first set of security 
settings (Fletcher, column 5, lines 42-67). 

Regarding claim 29, the combination of Fletcher and Snell does not expressly 
disclose inheritance. However, Examiner takes Official Notice that using inheritance 
was conventional and well known. Therefore, it would have been obvious to one having 
ordinary skill in the art at the time the invention was made to inherit security settings 
from a parent in the system of Fletcher and Snell since Examiner takes Official Notice 
that it was conventional and well known. 

Regarding claim 30, the combination of Fletcher and Snell teaches wherein the 
indicator indicates a website on the network or a file on the computer (Fletcher, column 
6, lines 1-50, claims 1-13). 
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Regarding claim 32, the combination of Fletcher and Snell teaches wherein the 
second part of the content corresponds to an element in the content (Fletcher, column 
6, lines 1-50, claims 1-13). 

Regarding claim 33, the combination of Fletcher and Snell teaches a 
component that detects security data associated with the element (Fletcher, fig 3, 
column 6, lines 1-50, claims 1-13). 

Regarding claim 34, the combination of Fletcher and Snell teaches wherein the 
security data associated with the element comprises, a reference to a security zone 
(Fletcher, fig 3, column 6, lines 1-50, claims 1-13, Snell, pages 1-8). 

Regarding claim 35, the combination of Fletcher and Snell teaches wherein the 
security data associated with the element comprises, a reference to a file (Fletcher, fig 
3, column 6, lines 1-50, claims 1-13). 

Regarding claim 36, the combination of Fletcher and Snell teaches wherein the 
security data associated with the element comprises, a reference to a source of remote 
data (Fletcher, fig 3, column 6, lines 1-50, claims 1-13). 

Regarding claim 37, the combination of Fletcher and Snell teaches wherein the 
security data associated with the element comprises a string of data corresponding to at 
least some of the security settings (Fletcher, fig 3, column 6, lines 1-50, claims 1-13). 

Regarding claim 38, the combination of Fletcher and Snell teaches wherein the 
security data associated with the element comprises information indicating that the 
security settings should be determined relative to other security settings (Fletcher, fig 3, 
column 6, lines 1-50, claims 1-13, Snell, pages 1-8). 
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Regarding claim 39, the combination of Fletcher and Snell teaches does not 
expressly disclose a tree of nodes constructed from the content. However, Fletcher 
teaches parsing the document and nodes associated with one setting and other nodes 
associated with another setting (tags, columns 5-6). Therefore, it would have been 
obvious to store a tree as a representation of the document, since a tree is just a 
representation used for parsing the document. 

Regarding claim 40, the combination of Fletcher and Snell teaches a negotiator 
that controls the second set of security settings (Fletcher, fig 3, and discussion). 

Regarding claim 41, the combination of Fletcher and Snell teaches wherein the 
negotiator evaluates the second set of security settings (Fletcher, fig 3, and discussion). 

Regarding claim 42, the combination of Fletcher and Snell teaches wherein the 
negotiator changes at least one setting in the second set of security settings based on a 
rule (Fletcher, fig 3, and discussion, columns 5-6). 

Regarding claim 43, the combination of Fletcher and Snell teaches at least one 
other node in the tree that is associated with security settings based on inheriting 
information from a parent node (Fletcher, fig 3, and discussion). 

Regarding claims 44 and 45, the combination of Fletcher and Snell teaches 
wherein the parent node comprises the first / second node (Fletcher, fig 3, and 
discussion). 

Regarding claim 46, the combination of Fletcher and Snell teaches at least one 
other node in the tree that is associated with security settings based on security data of 
a child node (Fletcher, fig 3, and discussion). 
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Regarding claim 47, the combination of Fletcher and Snell does not expressly 
disclose a frame element. However, Fletcher teaches associating security settings to 
nodes/tags (columns 5-6). Therefore, it would have been obvious to one having ordinary 
skill in the art at the time the invention was made to apply the teachings to a specific 
element. 

Regarding claim 48, the combination of Fletcher and Snell teaches wherein the 
content comprises a HyperText Markup Language page (Snell, pages 1-8, Fletcher, 
columns 3-4). 
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Conclusion 

21 . Applicant's amendment necessitated the new ground(s) of rejection presented in 
this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP 

§ 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 
CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the date of this final action. 

22. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to David G. Cervetti whose telephone number is (571) 272- 
5861. The examiner can normally be reached on Monday-Friday 7:00 am - 5:00 pm, off 
on Wednesday. 

23. If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Nasser G. Moazzami can be reached on (571) 272-4195. The fax phon.e 
number for the organization where this application or proceeding is assigned is 571- 
273-8300. 
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24. Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 
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